U.S. Department of Defense
Office of the Assistant Secretary of Defense (Public Affairs)
November 28, 2010

From: Whitman, Bryan Mr OSD PA
Sent: Sunday, November 28, 2010 02:43 PM
To: Whitman, Bryan Mr OSD PA
Subject: Wikileaks

Colleagues,

As you may be aware, several news organizations are about to publish stories on hundreds of thousands of stolen classified State Department documents provided to them by Wilileaks. As we have in the past, we condemn this reckless disclosure of classified information illegally obtained.

We also want to provide you with context and details regarding ongoing efforts to prevent further compromise of sensitive data.

The 9/11 attacks and their aftermath revealed gaps in intra-governmental information sharing. Departments and agencies have taken significant steps to reduce those obstacles, and the work that has been done to date has resulted in considerable improvement in information-sharing and increased cooperation across government operations.

However, as we have now seen with the theft of huge amounts of classified data and the Wikileaks compromises, these efforts to give diplomatic, military, law enforcement and intelligence specialists quicker and easier access to greater amounts of data have had unintended consequences – making our sensitive data more vulnerable to compromise.

That said, the Department has undertaken a series of actions to prevent such incidents from occurring in the future.

On August 12, 2010, Defense Secretary Robert Gates commissioned two reviews to determine what policy, procedural and/or technological shortfalls contributed to the unauthorized disclosure to the Wikileaks website.

As a result of these two reviews, a number of findings and recommendations are in the process of being reviewed and implemented, including the following:

Directing actions to include disabling all write capability to removable media on DoD classified computers, as a temporary technical solution to mitigate the future risks of personnel moving classified data to unclassified systems.

Directing DoD organizations to have limited number of systems authorized to move data from classified to unclassified systems (similar to a KIOSK concept, where it is necessary to meet at a central, supervised location to conduct this activity).

Developing procedures to monitor and detect suspicious, unusual or anomalous user behavior (similar to procedures now being used by credit card companies to detect and monitor fraud).

Conducting security oversight inspections in forward-deployed areas.

Undertaking vulnerability assessments of DoD networks.

Improving awareness and compliance with information protection procedures. For example, CENTCOM has:

Bottom line: It is now much more difficult for a determined actor to get access to and move information outside of authorized channels.

Regards,

Bryan Whitman

(you may use this on the record attributed to me)